Date: Tue, 21 Jan 2014 09:28:39 -0500
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com, 736247@...s.debian.org
Subject: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp

as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a TOCTOU failure in python's xdg module (see attached message).

Could a CVE be assigned to this?

--dkg

[ CONTENT OF TYPE message/rfc822 SKIPPED ]
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]